Jack-Daniyel "JD" Strong

Blog

  • Sourdough Zen

    Sourdough Zen

    Once again, we find ourselves in trying times, and I find myself searching for my zen through sourdough. Sourdough is made from four simple ingredients: flour, water, salt and time. Adjusting any of these ingredients will impact the final product. But the last ingredient—time—is arguably the most important.

    The 2020 pandemic made sourdough hip and cool (again). Why? We had time. Time to feed a starter. Time to stretch and fold the dough. Time to shape. Time to score. Time to bake.

    Starter

    I grew up in the era of the original tamagotchi. The tamagotchi was an electronic toy displaying a digital image of a creature, which had to be looked after and responded to by the “owner” as if it were a pet. The sourdough starter can be seen in the same way—a pet that needs feeding and to be cared for. Water, flour, and time. Getting a starter going from scratch takes some persistence, but maintaining a starter isn’t difficult for even the laziest amongst us.

    I have maintained my starter, nicknamed The Yeastie Boys for over a decade. They are typically fed once a week as I make a batch of pizza dough, a loaf of bread, a pan of focaccia, or discard waffles. But The Boys and I have been through some stretches, where they’ve been abandoned, either by my travels or lack of time. Only the strongest survive, and after a feeding, possibly two, The Boys are back in action and ready to convert flour and water into carbon dioxide and flavor.

    Exposure

    I grew up on reruns of Mr. Wizard, Radio Shack Science Fair 200 in 1 electronics project lab, and a mother/nana duo of bakers in the kitchen. My mom and nana baked a lot of white homemade loaves risen with commercial powdered yeast, resulting in soft, pillowy loaves you wanted to smother in butter and devour. As kids, my brother and I watched, sometimes got in the way trying to help, but were surrounded by the wonders of fresh baked bread. My mom tried—and succeeded at—making amazing challah, bathed in an egg wash that made it look as if Norman Rockwell had painted it.

    Handwritten: Homemade Bread (2 loaves) Mix { 2 cups lukewarm liquid (milk, water, or potato water) 4 tbsp sugar 1 tsp salt 4 tbsp (1/4 cup) soft shortening Crumble into mix 1 cake yeast or 1 pkg dry yeast Mix in 6-6 1/4 c. flour until easy to handle - Turn onto board—let stand 10 min then knead 10-12 min. Put in greased bowl & let raise for 2 hours or until dbl

    In college, I was lucky to have an apartment on campus with a full size stove and oven, and some time. With a copy of my mom’s bread recipe in its handy recipe binder, I set out to make bread by hand. No mixer. Taking the time to knead the dough on my small apartment kitchen counter. Stretching and folding the dough. Taking the stresses of school, work, and studies and putting them into the dough.

    I made a lot of bread. I ate a lot of bread.

    Post college, Alton Brown’s Good Eats came on the air. Mr. Wizard meets food science. I was obsessed. I perfected the brined AB Turkey, I made his grandmother’s pillowy soft biscuits. I knew how to cook from my mom and Boy Scouts, but I learned to experiment. I recreated my mom’s cookie recipes. I turned that into a side hustle for a little while, selling dozens of cookies around the holidays to my coworkers—who did not have the time.

    Experimentation

    At some point along the way, I came across one of those automatic bread makers. It had been a long while since I had baked bread, and despite the unitasker, it was fun to toss in water, flour, yeast, salt and some two hours later the house smelled like baked bread. The loaves weren’t pretty. Barely sliceable for toast. The bottom center looked as if a chipmunk dug into it to extract the mixing paddle. I managed a 100% whole wheat loaf from a bread maker. It was good, but it wasn’t great. I had come a long way from my college bread-making days, but sourdough was an entirely new challenge—one that required me to embrace failure as part of the process.

    At this point, I had also transitioned to a wholefood plant-based diet, and read more about how whole foods work with our bodies. Whole wheat bread—check. This is good, and good for you. But I was also reading about how much different bread is when allowed to ferment. Fermentation is a process where microorganisms—wild yeast and lactic acid bacteria—feed on the sugars in the dough, producing gases and acids. Yes, these byproducts are what give sourdough its rise, flavor, and texture—but the wild yeasts and bacteria fundamentally transform the flour, making it more digestible.

    About that time, I stumbled upon a new website, The Perfect Loaf. Maurizio Leo, a software engineer turned baker, walked me through a starter using rye flour. I experimented with baker’s percentages, and learned a whole new world for calculating a loaf. I hit the library and dug into books old and new about sourdough. Studied the black and white photos in books to understand shaping a loaf. I overproofed. I under baked. I lacked strength in my dough. I swore a lot.

    Confidence

    For the last eight years, Sunday night has been pizza night: from hand-stretched thin crusts to Al Taglio, the airy, bready Roman-style pizza. The toppings sometimes help clean out the fridge, but the smell of baked bread, the crack of the crust, the yin and yang of the sour crumb of the crust to the sweet maillard caramelized sugar in the dough wafts through our home on a Sunday night.

    Pizza on Sundays is a reset. Last week’s stresses are tonight’s dinner. Time was invested and then shared with those I love. Mistakes are now happy accidents, and the swearing is less. My experiments built confidence, and helped me focus and refine pizza doughs, sandwich loaves, focaccias and more.

    Sourdough is not a rushed activity. It requires patience, from nurturing the starter to allowing the dough to rise and develop flavor, to the final bake. Sourdough is a reminder of the importance of respecting time and process in both baking and life. Experimentation takes time. Sourdough takes time.

    Take time.

    Find your sourdough Zen.

  • Add More Protein to a Whole Food Plant-Based Diet

    Add More Protein to a Whole Food Plant-Based Diet

    Did you know the average adult loses 3–5% of their muscle mass every decade after age 30? 

    When I first transitioned to a whole food plant-based (WFPB) diet 15 years ago, I thought I had it all figured out. I embraced vibrant salads, hearty grains, and colorful veggies with enthusiasm—but there was one thing I overlooked: protein. More recently, I realized I needed to be more intentional about getting enough of this critical macronutrient, especially as I get older.

    I’m not a registered dietitian, though my partner—who has a nutrition degree and will soon be an RDN—has helped me navigate this journey. Can we really meet our protein needs on a WFPB diet? What does 25–30 grams of protein per meal look like when meat and dairy aren’t on the menu? And how do we incorporate protein into daily meals without feeling overwhelmed?

    I’ll share my journey of tackling protein goals one meal at a time—starting with breakfast. I’ve included practical tips, science-backed facts, and easy recipes to help anyone interested in optimizing their plant-based lifestyle. If I can do it, so can you!

    Why Protein is Key, Especially as We Age

    Protein is often referred to as the “building block” of the body—and for good reason. It’s essential for repairing tissues, building muscle, and supporting a healthy immune system. But as we age, protein becomes even more critical for maintaining our health.

    Around the age of 30, adults begin losing muscle mass at a rate of 3–5% per decade, a condition known as sarcopenia. This natural muscle loss doesn’t just impact strength and mobility—it can also affect metabolism, increase the risk of falls, and reduce overall quality of life. The National Institute on Aging emphasizes the importance of adequate protein intake to mitigate these effects.

    How much protein do we actually need? While the RDA (Recommended Dietary Allowance) for protein is about 0.8 grams per kilogram of body weight, experts like those at Harvard T.H. Chan School of Public Health suggests aiming higher—especially for older adults. Studies show that 1.0–1.2 grams per kilogram of body weight can help preserve muscle and prevent deficiencies, which translates to approximately 25–30 grams of protein per meal for most adults.

    On a whole food plant-based diet, this can feel like a daunting target at first. Volumetrically, it’s a lot of food, but calorically, it’s not. The good news is that with a little planning and creativity, it’s absolutely achievable. The key is knowing which plant-based foods pack a protein punch and learning how to incorporate them into balanced meals.

    Plant-Based Protein Sources That Pack a Punch

    One of the most common misconceptions about plant-based diets is that they’re inherently low in protein. While it’s true that meat, eggs, and dairy are often concentrated protein sources, there’s no shortage of plant-based foods that deliver plenty of protein along with fiber, vitamins, and minerals.

    Here are some of the best whole food plant-based protein sources to consider:

    1. Legumes (Beans, Lentils, and Chickpeas)

    Legumes are a powerhouse of protein, delivering around 7–9 grams of protein per half cup cooked. Beyond protein, they’re also high in fiber, which helps with digestion and keeps you feeling full. For example:

    • Black beans: 7g protein per ½ cup
    • Lentils: 9g protein per ½ cup
    • Chickpeas: 7g protein per ½ cup

    2. Soy-Based Foods (Tofu, Tempeh, and Edamame)

    Soy is one of the most protein-dense plant-based options. It’s also a complete protein, meaning it contains all nine essential amino acids your body can’t produce on its own.

    • Firm tofu: 15g protein per ½ block (3 ounces)
    • Tempeh: 15g protein per ½ block (3 ounces)
    • Edamame: 9g protein per ½ cup

    3. Whole Grains (Quinoa, Oats, and Brown Rice)

    While grains aren’t often thought of as protein sources, they can still contribute a significant amount to your daily intake—especially when paired with other foods.

    • Quinoa: 8g protein per cup (cooked)
    • Steel-cut oats: 5g protein per ½ cup (cooked)
    • Brown rice: 5g protein per cup (cooked)

    4. Nuts, Seeds, and Nut Butters

    Nuts and seeds are small but mighty, offering a mix of protein, healthy fats, and minerals. Incorporate them into smoothies, oatmeal, or salads for an easy protein boost.

    • Chia seeds: 2g protein per tablespoon
    • Hemp hearts: 3g protein per tablespoon
    • Almond butter: 6g protein per 2 tablespoons

    5. Plant-Based Protein Powders

    While focusing on whole foods is ideal, protein powders and protein isolates can be a convenient option for busy days. Many brands, like Orgain, offer plant-based protein powders that are free of artificial ingredients. One serving of Orgain’s protein powder packs 21g protein, making it good for a post-workout smoothie or breakfast on the go. You can also find protein isolates like pea-protein, defatted peanut butter powder and other protein isolates that do not have sweeteners or creamer-like smoothie bases.

    By incorporating a variety of these foods, you can easily meet your protein needs while enjoying a diverse and flavorful diet. Check out the Cleveland Clinic’s guide on protein-rich plant-based foods for more options.

    What 25–30g Protein Per Meal Looks Like

    Meeting the recommended 25–30 grams of protein per meal on a plant-based diet is easier than you might think. It’s all about combining a few key ingredients to create a well-rounded plate.

    Breakfast is often considered the most important meal of the day, so it’s a great place to start when trying to boost your protein intake. By incorporating a few high-protein ingredients into your morning routine, you can create meals that are not only filling but also fuel you for the day ahead.

    Here are a few examples of what a high-protein breakfast can look like:

    1. Savory Chickpea and Tofu Scramble Wrap

    • 1/2 cup cooked chickpeas (7g protein)
    • 1/2 block firm tofu, crumbled (15g protein)
    • 1 whole-grain tortilla (6g protein)
    • 1 tbsp nutritional yeast (2g protein)
      Total Protein: ~30g

    2. Quinoa Breakfast Bowl with Almond Butter and Chia

    • 1 cup cooked quinoa (8g protein)
    • 1 tbsp chia seeds (2g protein)
    • 2 tbsp almond butter (6g protein)
    • 1/2 cup unsweetened soy milk (4g protein)
      Total Protein: ~28g

    3. Lentil and Sweet Potato Hash

    • 1/2 cup cooked lentils (9g protein)
    • 1 small roasted sweet potato (2g protein)
    • 1/4 cup edamame (6g protein)
    • 1/2 cup spinach (1g protein)
      Total Protein: ~27g

    4. Coach’s Oats Overnight Oats Smoothie with Orgain Protein Powder

    • 50g Orgain protein powder (21g protein)
    • 40g Coach’s Oats (6g protein)
    • 1 tbsp hemp seeds (3g protein)
      Total Protein: ~30g

    By building meals with protein-dense ingredients like legumes, grains, soy, and seeds, you can easily hit your target protein goals without compromising on flavor or nutrition.

    Tips for Success

    1. Plan Ahead: Keep your pantry stocked with staples like lentils, quinoa, tofu, and nuts.
    2. Diversify Your Plate: Mix and match protein sources to ensure you’re getting all essential amino acids.
    3. Experiment with Recipes: Don’t be afraid to try new meals or flavors to keep things exciting.

    Meeting protein needs on a plant-based diet is not only possible—it’s enjoyable, sustainable, and full of culinary possibilities.

    Conclusion

    Adding more protein to a whole food plant-based diet doesn’t have to be complicated or intimidating. With a little planning, creativity, and some go-to recipes, you can easily meet your protein needs while enjoying a diverse and nutrient-rich menu.

    Throughout my own journey, I’ve learned that building high-protein meals is all about balance—combining legumes, grains, soy-based foods, and seeds in ways that are both flavorful and satisfying. Whether it’s a quick Coach’s Oats smoothie for breakfast, a hearty lentil hash, or a tofu scramble, the possibilities are endless.

    And yes, plant-based eaters can absolutely meet their protein needs! By focusing on variety and incorporating nutrient-dense foods, you can thrive on a plant-based diet while supporting your health, energy, and longevity.

    I’d love to hear from you! What are your favorite high-protein plant-based meals? Have you tried any of the recipes shared in this post?

    References

    Academy of Nutrition and Dietetics. (n.d.). Vegetarian diets, from https://www.eatright.org/food/nutrition/vegetarian-and-special-diets/vegetarian-diets 

    Cleveland Clinic. (2021). Plant-based sources of protein, from https://health.clevelandclinic.org/plant-based-sources-of-protein/ 

    Coach’s Oats. (n.d.). Coach’s Oats, from https://www.coachsoats.com

    Harvard T.H. Chan School of Public Health. (n.d.). Protein: What’s the best source?, from https://www.hsph.harvard.edu/nutritionsource/what-should-you-eat/protein/

    National Institute on Aging. (n.d.). Protein: Why your body needs it, from https://www.nia.nih.gov/health/protein-important-you

    Orgain. (n.d.). Plant-based protein powder, from https://orgain.com/collections/protein-powder

    Physicians Committee for Responsible Medicine. (n.d.). Protein, from https://www.pcrm.org/good-nutrition/nutrition-information/protein 

    United States Department of Agriculture. (n.d.). FoodData Central, from https://fdc.nal.usda.gov/

  • Unlocking Declarative Device Management

    Unlocking Declarative Device Management

    Declarative Device Management (DDM) represents a significant leap forward in Apple device management. By enabling devices to enforce configurations autonomously and report their compliance dynamically, DDM eliminates many of the challenges that plague legacy profiles. However, with only ~20% of MDM configurations currently available as DDM profiles, early adoption and feedback are critical to shaping its future. This is a continuation of my exploration of DDM. We will look at the available DDM profiles, how to create, deploy, and verify DDM profiles.

    Addressing the Challenges with Legacy Profiles

    While legacy profiles remain functional in many scenarios, they often fail to reliably enforce critical configurations, such as passcode policies. For example, a legacy passcode policy delivered via .mobileconfig may prompt users to update their passcode but allows them to dismiss the request, leaving devices non-compliant. And, lack of enforcement for software updates is part of the reason tools like Nudge exist—to provide additional pressure for users to install software updates and comply with policies. This inconsistency stems from how macOS processes legacy profiles, not the fault of MDM vendors.

    DDM resolves these issues by enforcing policies at the system level, ensuring compliance without relying on repeated server-side pushes. For a concrete example, see how DDM handles Passcode Policies in the next section.

    Why DDM Matters

    Despite potential limitations, DDM represents the future of Apple device management. It introduces self-enforcing profiles that allow devices to autonomously enforce configurations without constant oversight from MDM servers. It’s a game-changer, but to fully realize its potential, Mac Admins need to understand what is available in DDM profiles, how to create, deploy, and verify DDM profiles in their environments. Finally, we need to ask our MDM providers to fully implement all available keys for profiles, lower the guardrails or provide a way to ship our own JSON.

    Let’s prepare for the future of device management. Let’s dive in.

    The Building Blocks of DDM: Configuration Profiles

    At the heart of Declarative Device Management (DDM) are configuration profiles—the building blocks that describe the desired state of a device. Unlike legacy .mobileconfig profiles, which are written in XML plist format, DDM profiles use the JSON format. This shift to JSON aligns with modern data standards, making DDM profiles more versatile and easier to integrate into existing workflows.

    Key Differences Between Legacy and DDM Profiles

    Legacy profiles follow a static model: they define settings and rely on the MDM server to enforce those settings on devices. If something changes, the server needs to push the updated configuration again. DDM profiles, on the other hand, take a declarative approach:

    • Self-Enforcing: Devices enforce their own configurations locally, reducing reliance on the server and network availability.
    • Dynamic Updates: DDM profiles allow devices to dynamically adjust to changes and report their compliance status back to the server.
    • Lightweight JSON Format: While legacy profiles are written in XML, DDM profiles use JSON, making them more compact and modern.

    For developers and admins, Apple provides several helpful resources to explore these profiles:

    Passcode Policies: Legacy vs. DDM

    Passcode policies provide a great example of the difference between legacy and Declarative Device Management (DDM) profiles.

    Legacy Passcode Profiles

    In the legacy model, passcode enforcement relies on the MDM server to push settings to devices via .mobileconfig files. However, enforcement is inconsistent—users can simply dismiss passcode prompts, leaving devices non-compliant. This limitation stems from how macOS processes legacy profiles, not from MDM vendors.

    DDM Passcode Profiles

    With DDM, passcode settings are enforced at the system level, ensuring compliance. Devices autonomously apply the required configurations and report their status back to the MDM. Key settings in DDM include:

    • RequirePasscode: Requires users to set up a passcode on their device.
    • RequireComplexPasscode: Enforces complex passcodes that avoid repetitive or sequential characters (e.g., “123” or “ABC”) and require at least one non-alphanumeric character.
    • MinimumLength: Specifies the minimum number of characters in the passcode.
    • MaximumFailedAttempts: Limits the number of failed login attempts before the device locks.
    • MaximumGracePeriodInMinutes: Controls how long users can wait before the device locks after waking.
    • MaximumInactivityInMinutes: Locks the device after a period of inactivity.

    For example, enabling RequireComplexPasscode eliminates the need for admins to define complex regular expressions for passcode validation. This built-in enforcement saves time and ensures compliance across devices.

    Here’s a sample JSON configuration for a DDM passcode policy with common settings:

    {
   "Type": "com.apple.configuration.passcode.settings",
   "Identifier": "com.example.config.passcode.settings",
   "Payload": {
      "RequireComplexPasscode": true,
      "MinimumLength": 10,
      "MinimumComplexCharacters": 1,
      "MaximumFailedAttempts": 11,
      "MaximumGracePeriodInMinutes": 1,
      "MaximumInactivityInMinutes": 15
   }
}

    Once deployed, this configuration ensures that users must comply with the passcode policy during login or when creating or updating their password. For example, Apple’s Passcode Declarative Configuration specifies that users have 60 minutes to set a passcode before being forced to comply.

    Settings like RequireComplexPasscode help enforce stricter security policies directly within macOS, iOS, and iPadOS, reducing the need for third-party solutions. However, full implementation of these keys depends on your MDM provider. If certain keys are missing, reach out to your provider to advocate for full DDM support.

    By leveraging DDM for passcode policies, admins can eliminate the gaps in enforcement common with legacy profiles, ensuring greater consistency and security across their managed devices.

    Available Profiles in DDM

    Apple’s declaration reference documentation and GitHub repo outline the available configuration profiles for DDM. These profiles are organized into logical categories, making it easier for admins to identify and implement the ones they need.

    Account Configurations

    Manage user accounts for email, calendar, contacts, and more: AccountCalDAV, AccountCardDAV, AccountExchange, AccountGoogle, AccountLDAP, AccountMail, AccountSubscribedCalendar.
    Example: Automatically set up corporate Exchange accounts or Google accounts for secure and seamless employee access to email and calendars.

    Settings Configurations

    Define system behaviors and settings: AppManaged, DiskManagementSettings, MathSettings, PasscodeSettings, SafariExtensionSettings, ScreenSharingConnection, SoftwareUpdateSettings.
    Example: Enforce passcode complexity requirements or configure software updates to ensure device compliance with organizational policies.

    Credential Configurations

    Manage identities, certificates, and authentication: AssetCredentialACME, AssetCredentialCertificate, AssetCredentialIdentity, AssetCredentialSCEP, AssetCredentialUserNameAndPassword.
    Example: Dynamically issue SCEP certificates for secure Wi-Fi or VPN access without manual intervention.

    Security Configurations

    Enhance device security and protect user data: SecurityCertificate, SecurityIdentity, SecurityPasskeyAttestation, ManagementStatusSubscriptions.
    Example: Deploy certificates for encrypted email or enable WebAuthn enterprise attestation for secure authentication.

    Service Configurations

    Manage background services and configuration files: ServicesBackgroundTasks, ServicesConfigurationFiles.
    Example: Optimize app updates or manage custom enterprise application configurations.

    Activation and Deployment Configurations

    Streamline activation and deployment workflows: ActivationSimple.
    Example: Bundle multiple configurations like passcodes, software updates, and account setups for efficient deployment to new devices.

    Test and Legacy Configurations

    Test DDM functionality or use legacy configurations temporarily: ManagementTest, LegacyProfile.
    Example: Validate DDM profiles before rolling out or rely on legacy profiles during the transition to DDM.

    Assets and User Credentials

    Manage reusable assets and credentials: AssetData, AssetUserIdentity, UserNameAndPasswordCredential.
    Example: Distribute username/password credentials for VPNs securely while reducing the need for manual user input.

    Why DDM Profiles Matter

    DDM profiles offer Mac Admins a new level of flexibility and reliability, improving compliance, security, and automation. Each profile serves as a building block for tailoring devices to meet organizational needs. As Apple continues expanding the number of supported configurations, the potential for declarative management will only grow.

    Creating DDM Configuration Profiles

    Creating Declarative Device Management (DDM) configuration profiles involves working directly with JSON files generated from YAML declarations. Unlike legacy profiles, where tools like Configurator2 or iMazing Profile Editor allowed Mac Admins to create profiles via user-friendly interfaces, there currently isn’t an equivalent for DDM. However, with the right tools and resources, building DDM profiles is still manageable.

    Generating DDM Profiles: Tools and Workflow

    To generate DDM configuration profiles, we rely on YAML declarations, which Apple provides in their GitHub repository. These YAML files specify the settings available for different types of configurations, such as passcodes, software updates, and VPN requirements. The YAML can then be converted into JSON, the format required by DDM.

    Here’s an example workflow for creating DDM profiles:

    1. Start with YAML Declarations

      • Visit the Apple GitHub repository to find the YAML for the configuration you want to create.
      • For example, the YAML declaration for passcode settings can be found here.

    2. Convert YAML to JSON

      • Use a tool like Jesse Peterson’s ideclr.py to get you started with a JSON payload.
      • For now, we have to manually translate the YAML into JSON if you are familiar with the structure.

    For example, the passcode YAML generates the following JSON with all of the available keys:

    {
   "Type": "com.apple.configuration.passcode.settings",
   "Identifier": "com.example.config.passcode.settings",
   "Payload": {
      "RequirePasscode": false,
      "RequireAlphanumericPasscode": false,
      "RequireComplexPasscode": false,
      "MinimumLength": 0,
      "MinimumComplexCharacters": 0,
      "MaximumFailedAttempts": 11,
      "FailedAttemptsResetInMinutes": null,
      "MaximumGracePeriodInMinutes": null,
      "MaximumInactivityInMinutes": null,
      "MaximumPasscodeAgeInDays": null,
      "PasscodeReuseLimit": null,
      "ChangeAtNextAuth": false,
      "CustomRegex": {
         "Regex": null,
         "Description": {
            "default": null
         }
      }
   }
}

    1. Edit and Customize the JSON

      • Once the JSON is generated, modify it to suit your specific needs. For example:

        • Set "RequirePasscode" to true to enforce passcodes.
        • Adjust "MinimumLength" and "MaximumFailedAttempts" to comply with organizational policies.

      • Save the file with a meaningful name, such as passcode.settings.json, for easy identification.

    2. Test with an Open-Source Example

    With your configuration profiles created, the next step is to deploy them effectively to your fleet of devices. In the next section, we’ll cover deployment strategies, common challenges, and how to verify that your profiles are working as intended.

    Deploying and Implementing DDM Profiles

    Once you’ve created your Declarative Device Management (DDM) profiles, the next step is deploying them to your devices. While the process shares similarities with legacy profiles, DDM introduces new tools and techniques that require admins to adapt. This section covers deployment strategies, verification methods, and tools to ensure your configurations are applied and working as intended.

    Deploying DDM Profiles Using Your MDM Provider

    Most Mac Admins rely on an MDM provider to manage their fleet of devices, and many providers now support custom JSON profiles. Here’s how you can deploy DDM profiles through your MDM:

    1. Upload the Profile
      Log into your MDM provider’s portal, navigate to the section for custom configuration profiles, and upload your JSON file (e.g., passcode.settings.json).
    2. Assign Devices
      Assign the profile to a test group of devices to verify its behavior before rolling it out fleet-wide.
    3. Monitor Deployment
      Use your MDM’s dashboard to track profile delivery and ensure that the configurations have been pushed to the assigned devices.

    Check your MDM provider’s documentation to confirm the extent of their DDM support. Some providers may not fully support all DDM keys or features, so it’s important to verify what’s available.

    Alternative Deployment Tools

    If your MDM provider doesn’t yet fully support DDM or you want greater control over deployment, there are several open-source tools you can use to manage DDM profiles.

    KMFDDM

    KMFDDM is an open-source framework for deploying and managing DDM profiles. It’s a lightweight and flexible alternative for admins looking to test or implement DDM without relying on an MDM provider. Use the KMFDDM Quickstar.to get started.

    Fleet Device Management

    Fleet is a scalable fleet management system that integrates with tools like osquery for compliance monitoring. For admins considering Fleet, there’s a docker setup available to simplify the deployment process.

    Zentral

    Zentral is another open-source solution that combines device management tools like osquery and Santa for comprehensive security and compliance monitoring. Zentral’s quickstart guide makes setup straightforward.

    Verifying Deployment

    Verification is a critical step to ensure that DDM profiles have been successfully deployed and are working as expected. Unlike legacy profiles, which could be manually installed and easily viewed in System Settings, DDM profiles often require programmatic verification. Here’s how you can confirm deployment and compliance:

    Where to Check Configurations on Devices

    1. System Settings:

      • Like legacy profiles, DDM profiles may appear in System Settings under General > Device Management.
      • Passcode policies are enforced when users create or update their password.
      • Software update settings appear in General > Software Update, including the DetailsURL for additional instructions.

    2. Programmatic Verification:
      Use tools like mdmclient or osquery to inspect installed profiles and verify compliance programmatically.

    Using Tools to Verify Deployment

    mdmclient Commands

    The mdmclient utility is part of Apple’s Managed Client (MCX) framework and allows you to query device status and configurations. Here are some useful commands:

    Query Device Information:
    /usr/libexec/mdmclient QueryDeviceInformation

    • Retrieves general device information, including enrollment details.

    Check Available OS Updates:
    /usr/libexec/mdmclient AvailableOSUpdates

    • Lists available OS updates based on your DDM configuration.

    Inspect Installed Profiles:
    /usr/libexec/mdmclient QueryInstalledProfiles

    • Lists all installed profiles, including DDM profiles.

    Dump Management Status:
    /usr/libexec/mdmclient dumpManagementStatus

    • Provides a detailed overview of the device’s management state.

    Using osquery

    osquery is an open-source tool that lets you query device configurations with -like syntax. It’s particularly useful for auditing compliance across your fleet.

    Check Passcode Policies:

    SELECT * FROM managed_policies WHERE name = "Passcode";

    Inspect Software Update Settings:

    SELECT * FROM software_update;

    Combine osquery with tools like Zentral or Fleet for ongoing compliance monitoring and reporting.

    Best Practices for Deployment and Verification

    To ensure successful deployment and compliance, follow these best practices:

    1. Start with Test Devices:
      Always test DDM profiles on a small group of devices to validate their behavior before rolling them out fleet-wide.
    2. Monitor Compliance:
      Use your MDM provider’s dashboard, mdmclient, or osquery to monitor compliance and troubleshoot issues.
    3. Communicate with Users:
      Inform users about new policies and configurations, especially if they introduce restrictions (e.g., stricter passcode requirements or forced updates).
    4. Advocate for Full DDM Support:
      Work with your MDM provider to ensure they support all DDM keys and configurations. Provide feedback about missing features or guardrails that limit your ability to customize profiles.

    With your DDM profiles successfully deployed and verified, you’re well on your way to leveraging declarative management to its fullest potential. In the next section, we’ll explore advanced use cases, including integrating DDM profiles with security frameworks and automating compliance reporting.

    DDM is the future of Apple device management, offering Mac Admins more robust and reliable tools for ensuring compliance and security. As Apple expands DDM’s capabilities and MDM providers adopt full support, the flexibility and reliability of declarative management will only improve. By embracing DDM now, Mac Admins can help shape its development and prepare their organizations for the next generation of device management.. Start by exploring available profiles, testing them on your devices, and working with your MDM provider to implement missing features. Let’s work together to build a better future for device management.

  • Declarative Device Management

    Declarative Device Management

  • iPhone LinkedIn QR code

    iPhone LinkedIn QR code

    Ready access to LinkedIn, really?

    According to LinkedIn,

    The LinkedIn QR code makes it easy to meet someone offline, and stay in touch with them on LinkedIn. This feature provides a simple and efficient way to find LinkedIn members, and then connect with them by quickly scanning a QR code.

    We’re focussed on LinkedIn, but really this could be any QR code: Snapchat, Mastodon, Threads, Instagram… I’m not judging. LinkedIn has become our online resume, but also a professional connection platform. Personally, if I need to reach out to a Mac Admin, I’ll go to the Mac Admins Slack, but I have other connections from past consulting clients to friends and colleagues I have met along the way.

    A shortcut to QR codes

    To set up your LinkedIn QR code for easy access, we’ll start by saving it to a dedicated photo album. This makes it easier for the shortcut to locate the image later. As of the writing of this article, getting to your LinkedIn QR codes is the following 5 steps:

    1. Open the LinkedIn app on your mobile device.
    2. Tap the  QR code in the Search bar at the top of your LinkedIn homepage.
    3. Tap the My code tab to find your QR code.
    4. You can tap:
      1. Share my code to share your QR code via message, email or other third-party apps.
      2. Save to photos to save a copy of your QR code to your mobile device’s photo gallery.
    5. Tap an option from the dropdown that appears, and follow the prompts.

    For our purpose here, Save a copy of your QR code to your photo gallery, and choose the Save code only option.

    Save a copy of your QR code to your photo gallery, and choose the Save code only option.

    The goal in this step is to create a Photo Album with a single photo. That single photo being your QR code.

    1. Open up the Photos app, scroll down to Albums, and tap into Albums.
    2. Tap Create in the upper right, and select New Album.
    3. Give the album a name like “LI QR”.
    4. Click Add Photos and find your QR code.
    5. Click Create.
    6. Alternatively, find the QR code you saved to Photos, and tap into the photo. Tap the … in the upper right corner, and select Add to Album. Select the “LI QR” album.
    7. Another option would be to tap the + when viewing a the QR code image and create the Album with this QR code.
    Create a new album called "LI QR"

    Now, let’s create a shortcut to find and present this QR code. (You can also access this shortcut here.)

    1. Open the Short cuts app, and create a new shortcut.
    2. In the Search Actions field, type “Photos” and select the Find Photos option.
    3. Tap Add Filter and set it to “Album is” and then tap to find your “LI QR” album.
    4. Tap the Limit slider and set it to “Get 1 Item.”
    5. Add another action, this time searching for “Show Result” and it should be default add a Photos variable.
    6. Give it a name like Show LI QR and then tap Done in the upper right.
    7. Long press on the new shortcut and select Details.
    8. Under the Privacy tab, enable Allow Running When Locked.
    9. Tap Done in the upper right.
    Screenshot of the complete Shortcut workflow.

    Finally, let’s set up ready access to this shortcut by assigning it to the Double or Triple-tap Back accessibility function.

    1. In the Settings app, search for “Back Tap.” (Accessibility > Touch)
    2. Tap into Triple Tap and scroll down to Shortcuts.
    3. Select Show LI QR shortcut we created earlier.
    4. Back out or swipe to close the Settings app.
    5. Give the back of your phone a double or triple tap.
    Back Tap accessibility settings

    With this shortcut set up, you’ll never have to fumble through apps to find your LinkedIn QR code again. A quick tap on the back of your iPhone is all it takes to connect with new contacts on the spot. 

    This same shortcut can be used for other social media QR codes, like Instagram or Snapchat, so you’re ready for any networking situation. How are you utilizing Shortcuts?